January 21, 2023 10:02 pm GMT

Avoid Financial Ruin by Configuring Your AWS Account(s) Correctly as a Beginner

Introduction

Deciding to learn cloud computing hands-on is a great decision for many people. No number of tutorials or how-to videos can teach you as much as building your own projects in an environment similar to the one professionals use.

Using your own personal account means adding your own personal credit card, meaning that it is financially dangerous to operate in the cloud without understanding how to configure and protect your accounts. There are numerous stories about beginners mistakenly leaving expensive pay-as-you-go resources running or getting hacked, resulting in a huge bill at the end of the month. For example:

AWS account hacked with huge bill of ~$70,000

Our AWS account with just an average usage of $10 got hacked 90 days back and got a huge bill of ~$70,000. There were several EC2 servers created and used by hackers. We started working with AWS support, secured the account and now working with them to resolve the unauthorized billing issue for last 80 days. AWS support came back

I don't want that to happen to anyone, whether it be through your own mistakes or bad actors getting into your account.

General Account and Root Users

Your AWS account is essentially a big container for you to create users that can create things in AWS.

AWS users are individuals or entities that are granted access to an AWS account. Users can be granted different levels of access and permissions to different services and resources within the account. Starting out within your own account, you would manually create a user in the IAM console and grant administrative access that you can operate with (commonly called an admin user).

The root user of an AWS account is the initial user that is automatically created when the account is created. The root user has full access to all of the services and resources within the account, and can perform all actions and make all changes to the account. This user is considered to be the most privileged user in the account, and it is generally considered best practice to not use the root user for day-to-day tasks, and instead create and use IAM users for your day-to-day tasks.

If a root user's credentials are compromised, an attacker could potentially cause significant damage to the resources and services in the account, including deleting the account altogether.

Additionally, if an action is performed by the root user, it cannot be traced back to a specific individual, making it more difficult to determine who is responsible for any changes or issues that may occur.

To allow users other than the root user to see the billing console, sign in as the root user, go to the account dropdown menu, and scroll down to check the box under "IAM User and Role Access to Billing Information".

Budgets (Avoid the Big Bill)

Once you set up your account with a user created in the IAM console, you can go ahead and add a budget alert in the AWS Budgets console. You can set a nominal amount of money that you are comfortable with spending every month on AWS ($3 or less to start), and have the budgets app send you an alert when a certain threshold of your budget is met (ex. if your budget is $3 and your alert is set to 50% of your budget, you will receive an alert when your costs hit $1.50 that month).

Budget alerts can be easily set up to be sent through email, although text integration is a bit more complicated. A great AWS beginner project can be to set up budget alerts to text you when a threshold is reached.

A common misconception about AWS Budgets is that it will shut your cost-incurring resources down once 100% of your budget is used. This is not true: the budgets you set simply alert you as configured and do not control the usage of resources in your AWS account.
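The budget described above, written as the request for the AWS Budgets `create_budget` API in boto3. This is an added example, not code from the original article; the budget name, account ID and email address are constructed placeholders.

```python
from decimal import Decimal


def budget_request(account_id, email, limit_usd="3", alert_percent=50.0):
    """Build the arguments for the AWS Budgets CreateBudget call."""
    return {
        "AccountId": account_id,
        "Budget": {
            "BudgetName": "monthly-learning-budget",  # hypothetical name
            "BudgetLimit": {"Amount": limit_usd, "Unit": "USD"},
            "TimeUnit": "MONTHLY",
            "BudgetType": "COST",
        },
        # Notifications only send a message; nothing here stops resources.
        "NotificationsWithSubscribers": [{
            "Notification": {
                "NotificationType": "ACTUAL",  # actual spend, not a forecast
                "ComparisonOperator": "GREATER_THAN",
                "Threshold": alert_percent,
                "ThresholdType": "PERCENTAGE",
            },
            "Subscribers": [{"SubscriptionType": "EMAIL", "Address": email}],
        }],
    }


def alert_amount_usd(request):
    """Dollar amount of monthly spend at which the alert is sent."""
    limit = Decimal(request["Budget"]["BudgetLimit"]["Amount"])
    notification = request["NotificationsWithSubscribers"][0]["Notification"]
    return limit * Decimal(str(notification["Threshold"])) / Decimal(100)


def create_budget(request):
    """Send the request; needs boto3 and credentials allowed to manage budgets."""
    import boto3  # imported here so the rest of the file runs offline
    boto3.client("budgets").create_budget(**request)


if __name__ == "__main__":
    # Constructed placeholder account ID and address.
    req = budget_request("111111111111", "you@example.com")
    print(f"Alert is sent once spend passes ${alert_amount_usd(req):.2f}")
```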

Multi-Factor Authentication

In accordance with best security practices in the cloud, all of your account users should be required to use Multi-Factor Authentication when signing in to the AWS console. This can be set up under the "security credentials" button on the dropdown menu in the top right-hand corner of the console webpage.

Scroll down to the widget titled "Multi-Factor authentication (MFA)" and set up your authenticator, using an MFA application. I use Google Authenticator and it works very well for me.

The Importance of Having Multiple Accounts

To understand and emulate many important cloud concepts and tools used in enterprise scenarios, you need to create multiple accounts. This is because businesses use multiple accounts for development, testing and production and may choose to separate accounts for different teams within the company. Features and tools such as cross-account object access and CI/CD deployments require multiple accounts to effectively replicate in your personal environment. I have an initial account that I build and test in called my "dev" account and another that I finally deploy apps into called my "prod" account.

To create another AWS account, you will need another email address to use. Thankfully, many popular email servers support the use of the "+" character to create a new, unique email address using your main email address. Some examples include:

- Google: You can add a "+" sign followed by any string of characters before the "@" symbol in your email address. For example, if your email address is "[email protected]", you could create a new email address by using "[email protected]".

- Yahoo: Similarly, you can add a "+" sign followed by any string of characters before the "@" symbol in your email address.

- Microsoft: Outlook and Hotmail support this feature, using a "+" sign followed by any string of characters before the "@" symbol in your email address.

Make sure you configure a non-root user, MFA and use unique passwords on each account that you create.
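One way to check each account against the root-user and MFA advice above, using the fields returned by IAM's `get_account_summary` and `list_mfa_devices`. This is an added example, not code from the original article; the sample data and the user names in it are constructed, and the account names follow the article's "dev" and "prod".

```python
def audit_account(summary_map, users):
    """Return findings for one account.

    summary_map: the SummaryMap dict from IAM GetAccountSummary.
    users: {user_name: number_of_mfa_devices}.
    """
    findings = []
    if summary_map.get("AccountMFAEnabled", 0) != 1:
        findings.append("root user has no MFA device")
    if summary_map.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root user has access keys")
    for name in sorted(users):
        if users[name] == 0:
            findings.append(f"IAM user {name} has no MFA device")
    return findings


def collect(session):
    """Read the same data from a live account (needs boto3, read-only IAM access)."""
    iam = session.client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    users = {}
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            users[name] = len(iam.list_mfa_devices(UserName=name)["MFADevices"])
    return summary, users


def audit_all(accounts):
    """Audit several accounts given {account_name: (summary_map, users)}."""
    return {name: audit_account(s, u) for name, (s, u) in accounts.items()}


# Constructed sample data: "dev" is configured as advised, "prod" is not.
SAMPLE = {
    "dev": ({"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 0}, {"admin": 1}),
    "prod": ({"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1},
             {"admin": 0, "deploy": 1}),
}

if __name__ == "__main__":
    for account, findings in audit_all(SAMPLE).items():
        print(account, findings or "OK")
```

Against a live account, pass `collect(boto3.Session(profile_name=...))` for each of your profiles instead of the sample data.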

Conclusion

Starting your own AWS account is a great move toward learning cloud computing and building innovative applications using the uniquely powerful resource of the cloud. A lack of attention to the cloud's pay-as-you-go model and cyber-criminals have caught quite a few people off-guard with large bills, but you can avoid this issue by using billing alerts and configuring MFA.

Good luck and cloud on!! :)


Original Link: https://dev.to/thomasrauffenbart/avoid-financial-ruin-by-configuring-your-aws-accounts-correctly-as-a-beginner-5184
